Drone perves defeated by tinfoil houses

If a drone-creeper is snooping on you, you could catch them by grabbing the video stream – but what if it’s encrypted?

Even then, detection turns out to be pretty straightforward: as researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science explain, you don’t need to decrypt the stream at all, you just need to apply a stimulus you control.

Their approach, revealed here and published in detail at arXiv, detects how video bitrate changes given a particular stimulus.

In other words, it’s a particular kind of side-channel attack – which is no surprise, since the researchers in question have applied their skills to side-channel attacks for years.

In the new paper they write: “we demonstrate how an interceptor can perform a side-channel attack to detect whether a target is being streamed by analysing the encrypted FPV channel that is transmitted from a real drone (DJI Mavic) in two use cases: when the target is a private house and when the target is a subject.”

Researcher Ben Nassi, a student of BGU professor Yuval Elovici, said: “The beauty of this research is that someone using only a laptop and an object that flickers can detect if someone is using a drone to spy on them … While it has been possible to detect a drone, now someone can also tell if it is recording a video of your location or something else”.

As demonstrated in the video below, the interception takes advantage of how video encoding algorithms work: if nothing changes in an image between frames, the codec doesn’t need to re-sent redundant information.

If someone’s using a drone to snoop – in the video the drone operator’s observing a house – they’ll park the drone and aim it at the target for a while. Because that image is relatively stable, compression will settle the bitrate the drone transmits down to a fairly low level.

The stimulus the researchers applied was via a “smart film” on the windows, but opening and closing shutters would do just as well: in response to the stimulus provided by the snart film, the bitrate rises, and an interceptor with a suitable RF scanner can see that change without decrypting the video stream.

The researchers also tested whether the technique could be used against drone surveillance over individuals: “In a second outdoor test, researchers demonstrate how an LED strip attached to a person wearing a white shirt can be used to detect targeted drone activity. When researchers flickered the LED lights on the cyber-shirt, it caused the FPV channel to send an ‘SOS’ by modulating changes in data sent by the flickering lights.”